- From: Rob McDougall <RMcDouga@JetForm.com>
- Date: Tue, 11 Apr 2000 11:58:30 -0400
- To: "'Kenneth Bandes'" <kbandes@home.com>, XForms <www-forms@w3.org>

This was discussed very early on and in the end, it was decided that it was a "future consideration". It's an important consideration, but not one that we wanted to tackle in XForms 1.0. The idea of separating out the data, form and style was too compelling to ignore and I think that the group in general felt that this did not preclude using digital signatures for non-repudiation in the future.

My personal view is that including the presentation in the signature's "fingerprint" (i.e. the signature value) is sufficient to ensure that the data will not verify with a different presentation. Physical transportation and packaging of the presentation with the data is not actually required.

Rob

-----Original Message-----
From: Kenneth Bandes [mailto:kbandes@home.com]
Sent: April 10, 2000 9:13 PM
To: XForms
Subject: Digital Signatures?

The XForms requirements document pretty much just has a placeholder for a discussion of digital signatures. I was wondering what the current thinking of the working group was.

The three-level architecture of XForms I think is exactly right and necessary for the requirements as described. However, there's a white paper at the PureEdge site that makes a surprisingly strong case for combining all these things (data, logic, and presentation) in one unit (http://www.uwi.com/xfdl/digest/feature.html). The argument is based on the requirement of non-repudiation, which seems to dictate that what is being signed includes what was reliably presented to the user. Since, for example, style sheets can significantly add, delete, or rearrange content, the signature needs to include the precise display instructions used - otherwise, the signer could claim that he had not actually seen (or been aware of the existence of) portions of what he apparently signed.

I imagine this could be worked around by signing an MHTML file or some other MIME multipart/related type format, containing the user data, form specification, and style sheet. Is that where this stuff is headed?

Alternatively, I suppose the signature could cover URIs and digests of the remote components. This might mean that the data representation (the bottom of the three layers) would contain these URIs and checksums, verifiably indicating what form template and style sheet (as well as any other components, such as graphics) were actually presented to the user who entered this data. Anyway, for long-term archiving of the transaction, I guess you'd still want actual copies of these components.

I'm sure I'm just restating badly what you folks have already figured out. I'd be interested to hear something more authoritative on the subject.

Thanks,

Ken Bandes

Received on Tuesday, 11 April 2000 12:00:15 UTC
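
The "URIs and digests" approach from the thread, as an added example that is not part of either message or of any XForms or XFDL specification: the signed manifest binds the instance data to a digest of each presentation component, so verification against a different style sheet fails even though the style sheet never travels with the data. The manifest layout, function names, key and forms.example URIs are assumptions made for illustration, and HMAC stands in for a public-key signature so the block runs on the standard library alone.

```python
import hashlib, hmac, json

def digest(b):
    return hashlib.sha256(b).hexdigest()

def build_manifest(data, components):
    """Bytes to be signed: digest of the instance data plus the URI and
    digest of every presentation component shown to the signer."""
    manifest = {
        "data_sha256": digest(data),
        "components": [{"uri": u, "sha256": digest(c)}
                       for u, c in sorted(components.items())],
    }
    # Canonical serialization so signer and verifier hash identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def sign(manifest, key):
    # Stand-in only: non-repudiation needs a public-key signature, not a MAC.
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()

def verify(data, manifest, tag, key, fetch):
    """Return a list of failures; an empty list means everything matched.
    fetch(uri) returns the component bytes or raises KeyError."""
    if not hmac.compare_digest(sign(manifest, key), tag):
        return ["signature mismatch"]
    m = json.loads(manifest)
    failures = [] if m["data_sha256"] == digest(data) else ["data altered"]
    for c in m["components"]:
        try:
            body = fetch(c["uri"])
        except KeyError:
            failures.append("missing: " + c["uri"])  # no archived copy left
            continue
        if digest(body) != c["sha256"]:
            failures.append("changed: " + c["uri"])
    return failures

# Constructed sample values (hypothetical form, style sheet and key).
KEY = b"constructed-demo-key"
DATA = b"<order><amount>100</amount><fee>25</fee></order>"
FORM_URI = "https://forms.example/order.xfm"
CSS_URI = "https://forms.example/order.css"
SHOWN = {FORM_URI: b"<form>amount, fee</form>",
         CSS_URI: b"amount, fee { display: block }"}
MANIFEST = build_manifest(DATA, SHOWN)
TAG = sign(MANIFEST, KEY)
# Same URI later serves a style sheet that no longer displays the fee.
SWAPPED = dict(SHOWN)
SWAPPED[CSS_URI] = b"fee { display: none }"

if __name__ == "__main__":
    print(verify(DATA, MANIFEST, TAG, KEY, SHOWN.__getitem__))
    print(verify(DATA, MANIFEST, TAG, KEY, SWAPPED.__getitem__))
```

The "missing" result is the archiving concern raised at the end of the original message: the digests prove which components were presented, but a verifier can only re-check them if copies were kept.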